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REMARKS 



The Examiner has rejected Claims 1-6 and 8-16 under 35 U.S.C. 102(e) as being 
anticipated by Levi (U.S. Patent No. 6,804,778). Applicant respectfully disagrees with 
such rejection, especially in view of the amendments made hereinabove to each of the 
independent claims, Specifically, applicant has amended each of the independent claims 
to at least substantially include the subject matter of former dependent Claims 2-7 et al. 



With respect to the subject matter of former Claim 7 et al. (now at least 
substantially incorporated into each of the independent claims), the Examiner has rejected 
the subject matter of such claims under 35 U.S.C. 103(a) as being unpatentable over Levi 
(U.S. Patent No. 6,804,778) in view of Hershey et al. (U.S. Patent 5,414,833). 
Specifically, the Examiner has relied on the following excerpts from Hershey to make a 
prior art showing of applicant's claimed technique "wherein said malware scanner is 
operable to concatenate portions of a data file from a plurality of data packets to form a 
data file to be scanned" (see this or similar, but not necessarily identical language in each 
of the independent claims). 



"The adaptive, active monitor comprises two finite state machines 
(FSM) which are constructed to detect the occurrence of a 
characteristic data pattern having two consecutive component bit 
patterns. The first FSM is called the predecessor FSM, and it is: 
configured to detect the first component pattern. The second FSM 
is called the successor FSM, and it is configured to detect the 
second component pattern. The first FSM will send a starting 
signal to the second FSM, when the first FSM has successfully- 
detected the first component pattern. The starting signal 
initializes the second FSM, to take over the analysis of the 
portion of the bit stream which follows the first component 
pattern- If the second FSM successfully detects the second 
component pattern, it then outputs a pattern alarm signal, 
indicating the successful detection of the entire characteristic 
data pattern." (Col, 9, line G2 - col. 10, line 10) 

A The address register has two portions, an n-x bit wide first 
portion and a X-bit wide second portion X, x is one bit for 
binary data, X is a word of two bits for Manchester encoded data, 
or X is a word of five bits for FDD I encoded data. The X-bit wide 
portion i3 connected to the input data stream which contains the 
characteristic data pattern of interest. The n-X bit wide portion 
contains data which is output from the memory. The next address 
to be applied by the address register to che memory is made up of 
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the X-l bit wide portion and the next arriving X-bit word from 
the input data stream." (Col. 10, lines 49-60) 

After a careful review of the foregoing excerpt and Hie remaining Hersliey 
reference, however, it is clear that the Examiner has taken into consideration the full 
weight of applicant's claims. The only concatenation in Hershey is concatenation to form 
an address for a data storage location. This fails to meet applicant's claimed 
concatenation of "portions of a data file from a plurality of data packets to form a data 
file to be scanned " (emphasis added), as claimed. 

With respect to the 1 03 rejection, to establish a prima facie case of obviousness, 
three basic criteria must be met. First, there must be some suggestion or motivation, 
either in the references themselves or in the knowledge generally available to one of 
ordinary skill in the art, to modify the reference or to combine reference teachings, 
Second, there must be a reasonable expectation of success. Finally, the prior art reference 
(or references when combined) must teach or suggest all the claim limitations. The 
teaching or suggestion to make the claimed combination and the reasonable expectation 
of success must both be found in the prior art and not based on applicant's disclosure. In 
re Vaeck947 F-2d 488, 20 USPQ2d 1438 (Fed.Cir.199l). 

Applicant respectfully asserts that at least the third element of the prima facie 
case of obviousness has not been met, since the prior art references, when combined, fail 
to teach or suggest all of the claim limitations, as noted above. Nevertheless, despite 
such paramount deficiencies and in the spirit of expediting the prosecution of the present 
application, applicant has amended each of the independent claims to further distinguish 
applicant's claim language from the above reference, as follows: 

" wherein said network bridge is address-transparent with respect to data 
packets passing therethrough, such that at least in terms of addressing, no 
configuration changes are required when said network bridge is introduced in an 
associated network segment; 
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wherein , upon receipt of at least one of said data packets, said network 
bridge determines if said at least one data packet is intended for a recipient on a 
side of said network bridge on which said at least one data packet was received : 

wherein, if it is determined that said at least one data packet is intended for 
a recipient on a side of said network bridge on which said at least one data packet 
was received , said at least one data packet is not passed by said network bridge; 

wherein, if it is determined that said at least one data packet is not 
intended for a recipient on a side of said network bridge on which said at least one 
data packet was received, it is determined if said at least one data packet has a 
predetermined network layer protocol selected from the group consisting of 
TCP/IP; IPX; SNA; and Appletalk; 

wherein, if it is determined that said at least one data packet has said 
predetermined network layer protocol, it is determined if said at least one data 
packet has a predetermined application layer protocol selected from the group 
consisting of SMTP; FTP; HTTP; SMB; and NFS; 

wherein, if it is determined that said at least one data packet has said 
predetermined application layer protocol, portions of a data file from a plurality of 
said data packets are concatenated to foim a data file to be scanned; 

wherein, if it is determined that said at least one data packet does not have 
said predetermined application layer protocol , said at least one data packet is 
passed by said network bridge without being scanned* ' (emphasis added). 

Thus, now emphasized is the specific functionality of the network bridge, as well 
as the various conditional functionality that is set forth in the description of Figure 6 of 
the original application at least in part. No new matter has been added. Note that only 
applicant teaches and claims the two-tier conditional determination of determining 
whether a data packet has a predetermined network layer protocol and then application 
layer protocol, prior to concatenating, scanning, passing without scanning, etc., as 
claimed. 
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A notice of allowance or specific prior art showing of each of the foregoing claim 
elements, in combination with the remaining claimed features, is respectfully requested. 

Still yet, applicant brings to the Examiner's attention the subject matter of new 
Claims 28-30 below, which are added foT full consideration: 

"wherein said network bridge includes a pair of network interface units 
that operate to receive said data packets on an associated network line and pass 
said at least one data packet to a packet analysis unit connected thereto, said 
packet analysis unit coupled to a software based malware scanner and a hardware 
based malware scanner" (see Claim 28); 

'Vherein a plurality of said malware scanners is included with said 
network bridge, each malware scanner adapted for handling different 
predetermined network layer protocols and different predetermined application 
layer protocols, where said malware scanners are passed said at least one data 
packet based on said determination whether said at least one data packet has said 
predetermined network layer protocol and said determination whether said at least 
one data packet has said predetermined application layer protocol" (see Claim 
29); and 

"wherein, after scanning, a data file is broken down into said data packets 
for forwarding to an intended recipient" (see Claim 30). 

A notice of allowance or specific prior art showing of each of the foregoing claim 
elements, in combination with the remaining claimed features, is respectfully requested. 

Urns, all of the independent claims are deemed allowable, Moreover, the 
remaining dependent claims are further deemed allowable, in view of their dependence 
on such independent claims. 
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In the event a telephone conversation would expedite the prosecution of this 
application, the Examiner may reach the undersigned at (408) 505-5100. The 
Commissioner is authorized to charge any additional fees or credit any overpayment to 
Deposit Account No. 50-1351 (Order No. NAI1P443/01. 053.01). 



P.O. Box 721 120 

San Jose, CA 95172-1 120 




408-505-5100 
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